Netinfo Security (信息网络安全) ›› 2014, Vol. 14 ›› Issue (9): 161-164. doi: 10.3969/j.issn.1671-1122.2014.09.036

• Selected Papers •

Study on Configuration Methods of Unacquainted Network Edge Firewall Rules

WANG Yi-fei

  1. China Life Ecommerce Company Ltd., Beijing 100033, China
  • Received: 2014-08-06 Online: 2014-09-01
  • About the author: WANG Yi-fei (born 1980), male, from Beijing, senior engineer, Ph.D.; main research interest: risk management.

Abstract: This article analyzes the causes and harms of the unacquainted network edge problem in firewall engineering deployment and summarizes three traditional methods for dealing with it. Drawing on engineering experience in large networks, it proposes a "demand analysis and log-exploring" technical system for configuring access rules at unacquainted network edges. The demand analysis method in this system is designed in detail on the basis of survey case analysis and managerial psychology; the log-exploring (log mining) method is designed in detail on the basis of database technology and firewall log analysis technology. The proposed methods were tested and verified using mainstream firewall products on the market.

Key words: network access control, firewall, unacquainted network edge, demand analysis, log-exploring